/contrib/famzah

Enthusiasm never stops

Infonotary E-Signature with Cardman 6121 on Kubuntu Karmic and Lucid

9 Comments

There are three systems involved in using an Infonotary e-signature with a reader in Firefox 3.5/3.6 on Linux 32-bit:

Installation instructions for Kubuntu Karmic and Lucid follow:

  1. Execute the following in a terminal console:
    sudo apt-get install pcscd pcsc-omnikey
    sudo tar -C / -zxf HiPath_SIcurity_Card_API_V3_1_010_Linux.tar.gz
    sudo ln -s /lib/libpcsclite.so.1 /lib/libpcsclite.so.0
    
  2. Review the “Security device settings in Firefox 3.5/3.6” paragraph below and set up “/usr/local/lib/libsiecap11.so” in Firefox
  3. Install the Infonotary root certificate chain by following the instructions on the Infonotary wiki page. Review the “Инсталиране на удостоверителната верига на Инфонотари” section there. Make sure that you edit the CA certificate trust settings exactly as described.

Update: Since I upgraded to Lucid, when I plug in my Cardman reader, I need to restart “pcscd” and Firefox before I can use it. The command for restarting “pcscd” is “sudo /etc/init.d/pcscd restart”.


Some more detailed explanation about the above commands and programs follows. If you are in a hurry, you can safely skip them. I’m using a 32-bit installation of Kubuntu.

Drivers for the reader: Prior to Karmic 9.10 I used the “opensc” package, not the Siemens HiPath Sicurity API library. The “opensc” package no longer works for me. Make sure that the following packages are not installed on your system, the Siemens API library provides their functionality:

sudo apt-get --purge remove opensc libopensc2 libopenct1 openct libccid

Note that the Siemens API library has some dependency problems on newer systems. It is linked against “/lib/libpcsclite.so.0”, but the package “libpcsclite1” now ships “/lib/libpcsclite.so.1”. They seem fully compatible though (or are the same library?). Therefore, a symlink “/lib/libpcsclite.so.0 -> /lib/libpcsclite.so.1” must be made. You can check if your Siemens library installation works well by issuing the command “ldd /usr/local/lib/libsiecap11.so”. If you see something like the following:

libpcsclite.so.0 => not found

…then there is a problem. You have to re-check if you made the symlink as advised.
If you see something like the following:

libpcsclite.so.0 => /lib/libpcsclite.so.0 (0x00466000)

…then you are OK.

Middleware software: I’ve always used “pcscd”. On Karmic I tried “openct” too, but it didn’t work for me.

Security device settings in Firefox 3.5/3.6: Edit->Preferences->Advanced->Encryption->Security Devices->Load->Module filename: /usr/local/lib/libsiecap11.so

There are some instructions on the Infonotary Wiki page too, but I’m not positive if they are up-to-date and suitable for Kubuntu Karmic or Lucid.


Just a side note: While I was using the “opensc” drivers, I found out that if you choose “/usr/lib/onepin-opensc-pkcs11.so” for “Module filename” in Firefox, then you won’t be asked twice for your PIN code (actually the second request was for something like “Secondary authentication” PIN). Prior to this, I used “/usr/lib/libopensc-pkcs11.so” and it worked well too – I typed nothing for Secondary authentication, but it was annoying.


Download disclaimer about my copy of the “HiPath SIcurity Card API V3.1 PKCS#11 for Linux”: I uploaded the copy of this archive file as I got it from my card reader vendor. I give no guarantee for the integrity of this copy and I cannot be held liable for any security or other damage, whatsoever. You have been warned.

Advertisements

Author: Ivan Zahariev

An experienced Linux & IT enthusiast, Engineer by heart, Systems architect & developer.

9 thoughts on “Infonotary E-Signature with Cardman 6121 on Kubuntu Karmic and Lucid

  1. Tested and works on 32-bit Debian squeeze/sid:

    apt-get install pcscd pcsc-omnikey
    tar -C / zxvf HiPath_SIcurity_Card_API_V3_1_010_Linux.tar.gz

    The extra symlink is not needed on Debian. The library is linked correctly out of the box.

    Thanks a bunch!

  2. Hi,

    I am not able to find HiPath_SIcurity_Card_API_V3_1_010_Linux.tar.gz – can you put it somewhere?
    On ftp://hu-ftp.hu-berlin.de/pub/smartcard/Software/Linux/CardOS_API_V5_0_10_AMD64_Linux2_6_26_glibc2_7_18_pcsc1_5_5.tar.gz is nothing …

    BR
    Jan

  3. do you happen to have the windows version of the card API? i have problem erasing my CardOS 4.3B card with pkcs15-init and i want to try to format the card with the windows card viewer tool and then use opensc.

    cheers,

    st.

    • I’ve sent you an email with a temporary URL link where you can download all the files I got from Infonorary. They contain Windows drivers as well. I won’t make the URL link public because of copyright considerations.

  4. Pingback: Firefox crashes with “terminate called after throwing an instance of ’std::bad_alloc’” « /contrib/famzah

  5. Hi! Could you put the 64 bit version of the HiPath Slcurity somewhere?
    Many thanks! -t

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s